GHSA-C3CJ-QMVM-36GX

Vulnerability from github – Published: 2025-09-15 15:31 – Updated: 2025-11-24 21:30
VLAI?
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: fix calltrace warning in amddrm_buddy_fini

The following call trace is observed when removing the amdgpu driver, which is caused by that BOs allocated for psp are not freed until removing.

[61811.450562] RIP: 0010:amddrm_buddy_fini.cold+0x29/0x47 [amddrm_buddy] [61811.450577] Call Trace: [61811.450577] [61811.450579] amdgpu_vram_mgr_fini+0x135/0x1c0 [amdgpu] [61811.450728] amdgpu_ttm_fini+0x207/0x290 [amdgpu] [61811.450870] amdgpu_bo_fini+0x27/0xa0 [amdgpu] [61811.451012] gmc_v9_0_sw_fini+0x4a/0x60 [amdgpu] [61811.451166] amdgpu_device_fini_sw+0x117/0x520 [amdgpu] [61811.451306] amdgpu_driver_release_kms+0x16/0x30 [amdgpu] [61811.451447] devm_drm_dev_init_release+0x4d/0x80 [drm] [61811.451466] devm_action_release+0x15/0x20 [61811.451469] release_nodes+0x40/0xb0 [61811.451471] devres_release_all+0x9b/0xd0 [61811.451473] __device_release_driver+0x1bb/0x2a0 [61811.451476] driver_detach+0xf3/0x140 [61811.451479] bus_remove_driver+0x6c/0xf0 [61811.451481] driver_unregister+0x31/0x60 [61811.451483] pci_unregister_driver+0x40/0x90 [61811.451486] amdgpu_exit+0x15/0x447 [amdgpu]

For smu v13_0_2, if the GPU supports xgmi, refer to

commit f5c7e7797060 ("drm/amdgpu: Adjust removal control flow for smu v13_0_2"),

it will run gpu recover in AMDGPU_RESET_FOR_DEVICE_REMOVE mode when removing, which makes all devices in hive list have hw reset but no resume except the basic ip blocks, then other ip blocks will not call .hw_fini according to ip_block.status.hw.

Since psp_free_shared_bufs just includes some software operations, so move it to psp_sw_fini.

Severity ?
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Show details on source website
To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2023-53152"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-772"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-15T14:15:37Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix calltrace warning in amddrm_buddy_fini\n\nThe following call trace is observed when removing the amdgpu driver, which\nis caused by that BOs allocated for psp are not freed until removing.\n\n[61811.450562] RIP: 0010:amddrm_buddy_fini.cold+0x29/0x47 [amddrm_buddy]\n[61811.450577] Call Trace:\n[61811.450577]  \u003cTASK\u003e\n[61811.450579]  amdgpu_vram_mgr_fini+0x135/0x1c0 [amdgpu]\n[61811.450728]  amdgpu_ttm_fini+0x207/0x290 [amdgpu]\n[61811.450870]  amdgpu_bo_fini+0x27/0xa0 [amdgpu]\n[61811.451012]  gmc_v9_0_sw_fini+0x4a/0x60 [amdgpu]\n[61811.451166]  amdgpu_device_fini_sw+0x117/0x520 [amdgpu]\n[61811.451306]  amdgpu_driver_release_kms+0x16/0x30 [amdgpu]\n[61811.451447]  devm_drm_dev_init_release+0x4d/0x80 [drm]\n[61811.451466]  devm_action_release+0x15/0x20\n[61811.451469]  release_nodes+0x40/0xb0\n[61811.451471]  devres_release_all+0x9b/0xd0\n[61811.451473]  __device_release_driver+0x1bb/0x2a0\n[61811.451476]  driver_detach+0xf3/0x140\n[61811.451479]  bus_remove_driver+0x6c/0xf0\n[61811.451481]  driver_unregister+0x31/0x60\n[61811.451483]  pci_unregister_driver+0x40/0x90\n[61811.451486]  amdgpu_exit+0x15/0x447 [amdgpu]\n\nFor smu v13_0_2, if the GPU supports xgmi, refer to\n\ncommit f5c7e7797060 (\"drm/amdgpu: Adjust removal control flow for smu v13_0_2\"),\n\nit will run gpu recover in AMDGPU_RESET_FOR_DEVICE_REMOVE mode when removing,\nwhich makes all devices in hive list have hw reset but no resume except the\nbasic ip blocks, then other ip blocks will not call .hw_fini according to\nip_block.status.hw.\n\nSince psp_free_shared_bufs just includes some software operations, so move\nit to psp_sw_fini.",
  "id": "GHSA-c3cj-qmvm-36gx",
  "modified": "2025-11-24T21:30:57Z",
  "published": "2025-09-15T15:31:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53152"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/01382501509871d0799bab6bd412c228486af5bf"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/756d674117f5c451f415d1c4046b927052a90c14"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ab6f446c220db0c131f2071846afd835799be0fb"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.